Security Advisory

CVE-2020-37117

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-05 16:13:29

Last updated 2026-03-05 01:28:05

Assigner VulnCheck

State PUBLISHED

Description

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.

← Browse all CVEs View on cve.org ↗